From October 2009 through the present day, one industry alone has reported 900 different breaches. And none of those 900 were limited in their scope – in each, at least 500 individuals were affected. Who knows how many other smaller breaches happened, without public knowledge.

To prevent costly breaches such as this one from happening, Netwrix Corporation suggests the following best practices every health care organization or insurance provider should implement and maintain to ensure HIPAA compliance.

U.S. intelligence agencies warned the Department of Health and Human Services that the Healthcare.gov may have been compromised by contractors from Belarus who worked on developing code for the network who are suspected of inserting malicious code.

There is a natural tendency to lump security and compliance together. Intuitively it just makes sense right? The biggest compliance frameworks like PCI, GLBA, SOX and HIPAA are all looking to ensure that our security is up to snuff. In fact, if we do security right, compliance should come naturally, with very little additional technical work.

The Iowa Department of Human Services on Wednesday warned former patients at the Mental Health Institute in Independence and others, about a possible breach of their confidential information due to a lost backup tape.

Before malware could become a threat to medical devices, Adam Ely said attackers would have to write malware specifically targeted to these devices and organizations; or the devices would have to adopt a standard platforms and software.

Something I believe industry urgently needs is better standards for information exchange between security solutions. Unfortunately while TCG has had feedback from the IT community, they have received little from the SCADA or ICS community. I encourage everyone involved with SCADA and ICS security to review the specification.

In our previous post on patient privacy, we noted that patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never return to tell the story...

Before you tell me that risk classifications are important, water is wet, the sun is hot and ice is cold, I'd like to remind you how many enterprises still do it poorly. I almost wish it was a simple as data telling you it's critical or not, but let's face it the game is very rarely that simple...

It is no accident that the largest healthcare organizations have the highest rate of patient-privacy breaches. The old saying – “the bigger they are, the harder they fall” is true, but more than that is happening when it comes to patient-privacy breaches in America as a whole...

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money...

Patient data loss is a lot like planes disappearing in the Bermuda Triangle – no one really knows where the planes disappeared to, since the people on the planes never came back to tell the story. The same way we talk about patient data loss and never really consider how you can “lose” patient data and whether it can be “returned”.

We need a well-conceived set of administrative and technical controls - our policy, while still acknowledging that every living creature on the planet is organically attached to a smart device, must dictate that the user will follow the policy at risk of termination...